Considering this critical issue and to help out the users to recovers their accounts, Yahoo forced the user to utilize the second sign in verification which worked as version of two –factor authentication. In two –factor authentication, a six digit code is send via SMS to a user’s registered mobile phone number. This will help a lot to the yahoo mail users to protect their accounts from hacking.
Yahoo states that in the recent attack of yahoo accounts hijacking, there is no evidence, which states that this hacking done for stealing any credentials from Yahoo itself. In fact it has been concluded that the hackers behind this cyber crime attempts to gathered the usernames and passwords from another site, meaning that Yahoo victims likely reused usernames and passwords across multiple sites. Also As per the current findings the list of usernames & passwords which were used in hacking was collected from a third party database compromise. A malevolent Computer software is used the usernames & Passwords to access the yahoo mail accounts shows the investigation.
How Yahoo Users can avoids this takeovers:
- According to the company recommendations, the user should add an alternative email address and mobile number to their respective accounts, which can be used to receive password reset during the time when account has been compromised.
- Never reused the same password across multiple sites- as it involves the risk of having the password compromised in one place. Hackers can easily unlock your other online accounts via phishing attack or key logger.
- Use strong passwords or use a password manager to generate a strong password for you which will keep your passwords database synchronized across PC’s, Mobile devices and the cloud.
- Yahoo users should activate the aforementioned second sign-in verification in which a six digit code is send to the mobile phone of user via SMS. Without that code attackers would not be able to access your accounts.
- Certain applications like iOS Mail, Android Mail, and Outlook -- don't support Yahoo's second sign-in verification. In such cases you will need to generate one time password which is different from one which you are using to sign in yahoo account.
- Always sign out after each session especially when you are using public or shared computers.
- Keep a regular eye check on your account login activity to make sure you recognize the locations of each log in.
- Don’t click on unknown Links which are sent through messaging applications like Mail & Messengers.